<?php
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//
// DLMan by Shedd Technologies International		  				//
// http://www.dlman.com | info@dlman.com							//
// Copyright 2003 by STI, All rights reserved.						//
// ---------------------------------------------------------------- //
// Usage of this software is governed by the terms of GPL. 	    	//
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//

// $config, used throughout this page, is not defined in this file; presumably global.php provides it.
require_once "global.php";
// Capture everything printed from here on; the buffer is collected into $content at the end of the file.
ob_start();

// Pick the username to manage: the dropdown value ($user5b) wins unless it is missing
// or still the "NULL" placeholder, in which case the typed value ($user5a) is used.
// NOTE(review): neither variable is assigned in this file; presumably they arrive from the
// request (register_globals or global.php) and must be treated as untrusted -- confirm.
$user5a=isset($user5a)?$user5a:"NULL";
$user5b=isset($user5b)?$user5b:"NULL";
$user5=($user5b=="NULL")?$user5a:$user5b;
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
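	//Landing view: an empty $uarea only prints the section heading.
	//The <STRONG> tag is now closed, as in the "Manage Users" heading further down,
	//so bold text no longer bleeds into whatever follows the buffered content.
	if(isset($uarea)&&$uarea==""){
		?>
		<P><STRONG><FONT face=Verdana>User Management</FONT></STRONG></P>
		<?php
	}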
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
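	//Find User
	//---------------------------------------------------------------------
	//Prints the search form: type a username (user5a) or pick one from the
	//list (user5b), choose an area, and post back to this page.
	elseif($uarea=="finduser"){
		//If $PHP_SELF mirrors the server's PHP_SELF value it can include request-supplied
		//path info, so it is HTML-escaped before it goes into the action attribute.
		//NOTE(review): on PHP 5.4+ htmlspecialchars() assumes UTF-8 and returns "" for
		//invalid byte sequences; pass the site charset if the data is not UTF-8.
		print "<form action=\"".htmlspecialchars($PHP_SELF,ENT_QUOTES)."\" method=\"post\">";
		?>
			<P align=center><STRONG><FONT face=Verdana>Manage Users</FONT></STRONG></P>
			<DIV align="center">
			Enter Username: <input type="text" name="user5a" size="25">
			<b>OR</b>
			Select a Username: 
			<select name="user5b" size="1" class="prefinput">
			<option value="NULL">Select</option>
			<?php
				//NOTE(review): SELECT * fetches every user column although only the username is listed.
				$sql="SELECT * FROM ".$config->dt['user'];
				$result=mysql_query($sql);
				//A failed query yields an empty list instead of fetch warnings.
				while($result&&($value=mysql_fetch_array($result))){
					//Usernames are stored user data: escape them for the attribute and the label.
					$name_html=htmlspecialchars($value[$config->field['username']],ENT_QUOTES);
					print '<option value="'.$name_html.'">'.$name_html.'</option>';
				}//end while
			?>
			</select><br>
			<input type="radio" name="uarea" value="admin" <?php if(isset($pref)&&$pref=="admin") print "CHECKED"; ?> >Manage Admin Permissions
			<input type="radio" name="uarea" value="manage" <?php if(isset($pref)&&$pref=="manage") print "CHECKED"; ?>>Manage Users
			<br><input type="submit" class="but" value="Manage">
			</form>
			</DIV>
		<?php
	}//end find user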
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
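	//Manage Admin Permissions
	//---------------------------------------------------------------------
	//Without $edit: show the selected user's group and a form to change it.
	//With $edit: write the submitted group back to the user table.
	//NOTE(review): no access check or anti-CSRF token is visible in this file;
	//presumably global.php or the including page enforces admin access -- confirm.
	elseif($uarea=="admin"){
			if(!isset($edit)){
				global $HTTP_POST_VARS,$HTTP_GET_VARS;
				if(!isset($user5)||$user5=="NULL"){
					if(isset($HTTP_POST_VARS['user5']))	$user5=$HTTP_POST_VARS['user5'];
					elseif(isset($HTTP_GET_VARS['user5'])) $user5=$HTTP_GET_VARS['user5'];
					else $user5="";
				}
				
				//Array input (user5[]=x) is rejected along with the empty name.
				if(!is_string($user5)||$user5==""){
					die("No user selected.");
				}
				
				//Undo magic-quote slashes so the name is escaped exactly once per output context.
				//NOTE(review): assumes global.php has not already stripped them -- confirm.
				if(get_magic_quotes_gpc()) $user5=stripslashes($user5);
				//NOTE(review): on PHP 5.4+ htmlspecialchars() assumes UTF-8 and returns "" for
				//invalid byte sequences; pass the site charset if the data is not UTF-8.
				$user5_html=htmlspecialchars($user5,ENT_QUOTES);
				
				//manage admins
				//The username is request-supplied, so it is escaped before it enters the SQL string.
				$result=mysql_query("SELECT * FROM ".$config->dt['user']." WHERE ".$config->field['username']." = '".mysql_real_escape_string($user5)."';");
				if(!$result||mysql_num_rows($result)==0) die("User Does Not Exist.");
				$value=mysql_fetch_array($result);
				?>
					<form action="<?php print htmlspecialchars($PHP_SELF,ENT_QUOTES); ?>?uarea=admin" method="post">
					<input type="hidden" name="edit" value="true">
					<input type="hidden" name="user5" value="<?php print $user5_html; ?>">
					<FONT face=Verdana><b><?php print $user5_html; ?>'s status: </b></FONT>
					<select class="prefinput" name="isadmin" size="1">
						<?php
						if($value[$config->field['usergroupid']]==$config->values['admin']){
							?>
								<option value="<?php print $config->values['normuser']; ?>">Normal User</option>
								<option value="<?php print $config->values['admin']; ?>" SELECTED>Administrator</option>
							<?php
						}
						else{
							?>
								<option value="<?php print $config->values['normuser']; ?>" SELECTED>Normal User</option>
								<option value="<?php print $config->values['admin']; ?>">Administrator</option>
							<?php
						}//end else
						?>
					</select>&nbsp;&nbsp;
					<input type="submit" value="Modify" class="but">
					<br><br>
					<DIV style="background-color: yellow;"><FONT face=Verdana><STRONG>USERS WHO ARE RUNNING THIS SYSTEM INTEGRATED 
					WITH A COMMUNITY SOFTWARE:</STRONG>&nbsp; 
					Please be advised that this utility DOES NOT support the various usergroups such as 
					Moderator or Banned User which your community software may support.&nbsp; 
					Therefore,&nbsp;you should use your community&nbsp;software to change a user's 
					permissions&nbsp;if the user that you are editting falls under a category other 
					than Administrator or Registered User.</FONT></DIV>
					</form>
				<?php
			}//end edit is not set
			elseif($edit==true){
				global $HTTP_POST_VARS;
				$user5=isset($HTTP_POST_VARS['user5'])?$HTTP_POST_VARS['user5']:"";
				if(!is_string($user5)||$user5==""){
					die("No user selected.");
				}
				//Only the two groups offered by the form may be written; any other
				//submitted value (including a missing or array value) is refused.
				if(!isset($isadmin)||!is_string($isadmin)
					||((string)$isadmin!==(string)$config->values['normuser']
					&&(string)$isadmin!==(string)$config->values['admin'])){
					die("Invalid user status.");
				}
				//Undo magic-quote slashes so the name is escaped exactly once per output context.
				//NOTE(review): assumes global.php has not already stripped them -- confirm.
				if(get_magic_quotes_gpc()) $user5=stripslashes($user5);
				$self_html=htmlspecialchars($PHP_SELF,ENT_QUOTES);
				//update user table
				$sql="UPDATE ".$config->dt['user']." SET ".$config->field['usergroupid']."='".mysql_real_escape_string($isadmin)."' WHERE ".$config->field['username']."='".mysql_real_escape_string($user5)."';";
				//Process Query
				$err=false;
				$result="";
				if(!$result=mysql_query($sql)){
					//NOTE(review): the database error and the statement are still shown, now HTML-escaped;
					//they reveal table and column names, so consider logging them server-side instead.
					print "<p>Error in updating data!<br>";
					print htmlspecialchars(mysql_error(),ENT_QUOTES);
					print '<br><a href="';
					print $self_html;
					print '?uarea=admin&user5='.urlencode($user5).'">Click Here to try again</a><br><br>';
					print htmlspecialchars($sql,ENT_QUOTES)."</p>";
					$err=true;
				}//end error
				
				if($err!=true){
					?><br><br><div align="center">
					<STRONG><FONT face=Verdana size=2>All settings have been updated.</FONT></STRONG>
					<?php
					print '<br><br><a href="';
					print $self_html;
					print '?uarea=admin&user5='.urlencode($user5).'">Click Here to Continue</a></div><br><br>';
				}//end no error
				else{
					print "Error in updating information.  Please try again.";
				}//end error
			}//end edit is == true
	}//end manage admins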
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
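	//Manage Users
	//Without $edit: show the selected user's details with an edit form and a delete form.
	//With $edit: write the submitted email address back to the user table.
	//NOTE(review): no access check or anti-CSRF token is visible in this file;
	//presumably global.php or the including page enforces admin access -- confirm.
	elseif($uarea=="manage"){
		//show/edit user preferences for the present user
		global $HTTP_POST_VARS,$HTTP_GET_VARS;
		if(!isset($user5)||$user5=="NULL"){
			if(isset($HTTP_POST_VARS['user5']))	$user5=$HTTP_POST_VARS['user5'];
			elseif(isset($HTTP_GET_VARS['user5'])) $user5=$HTTP_GET_VARS['user5'];
			else $user5="";
		}
		
		//Array input (user5[]=x) is rejected along with the empty name.
		if(!is_string($user5)||$user5==""){
			die("No user selected.");
		}
		
		print '<FONT FACE="Verdana"><P ALIGN="CENTER"><b>';
		if(!isset($edit)){//check to see if edit var is set
		/*
		print out a form field for each below bit
		have the user submit the form with editted fields
		password blank for no change - click on link to change = popup
		*/
		//Undo magic-quote slashes so the name is escaped exactly once per output context.
		//NOTE(review): assumes global.php has not already stripped them -- confirm.
		if(get_magic_quotes_gpc()) $user5=stripslashes($user5);
		//One escaped copy per output context: HTML text/attributes and URL query values.
		//NOTE(review): on PHP 5.4+ htmlspecialchars() assumes UTF-8 and returns "" for
		//invalid byte sequences; pass the site charset if the data is not UTF-8.
		$user5_html=htmlspecialchars($user5,ENT_QUOTES);
		$user5_url=urlencode($user5);
		$self_html=htmlspecialchars($PHP_SELF,ENT_QUOTES);
		//The username is request-supplied, so it is escaped before it enters the SQL string.
		$result=mysql_query("SELECT * FROM ".$config->dt['user']." WHERE ".$config->field['username']." = '".mysql_real_escape_string($user5)."';");
		if(!$result||mysql_num_rows($result)==0) die("User Does Not Exist.");
		$value=mysql_fetch_array($result);
		//NOTE(review): the popup URLs below carry the session id in the query string, where it
		//can leak through browser history, server logs and Referer headers; prefer cookie-only
		//sessions if passgen.php and fileedit.php can rely on them.
		?>
		<script language="JavaScript" type="text/javascript">
		//check to make sure that email is valid
		function validEmail(email){
			invalidChars=" /:,;";
			if(email==""){
				return false
			}
			for(i=0; i<invalidChars.length; i++){
				badChar = invalidChars.charAt(i);
				if(email.indexOf(badChar,0)>-1){
					return false
				}
			}//end for
			atPos=email.indexOf("@",1);
			if(atPos==-1){
				return false
			}
			if(email.indexOf("@",atPos+1)>-1){
				return false
			}
			periodPos=email.indexOf(".",atPos);
			if(periodPos==-1){
				return false
			}
			if(periodPos+3 > email.length){
				return false
			}
			return true
		}//end validEmail
		
		function submitIt(prefForm){
			if(!validEmail(prefForm.email.value)){
				alert("Invalid Email Address");
				prefForm.email.focus();
				prefForm.email.select();
				return false
			}
			return true
		}//end submitIt
		
		function passChg(){
			window.open('passgen.php?user5=<?php print $user5_url; ?>&<?php print urlencode(session_name())."=".urlencode(session_id())?>', 'newwindow', config='height=400, width=400, toolbar=no, menubar=no, scrollbars=yes, resizable=yes, location=no, directories=no, status=no')
		}//end passChg
		
		function fileEdit(){
			window.open('fileedit.php?user5=<?php print $user5_url; ?>&<?php print urlencode(session_name())."=".urlencode(session_id())?>', 'newwindow', config='height=400, width=400, toolbar=no, menubar=no, scrollbars=yes, resizable=yes, location=no, directories=no, status=no')
		}//end fileEdit
		
		//show status bar messages
		function statusbar(statusmsg){
			window.status=statusmsg
			return true
		}
		//end show status bar message function
		</script>
		<font size="3">User Information for <u><?php print $user5_html; ?></u></font></b></p>
		<form onSubmit="return submitIt(this)" action="<?php print $self_html; ?>" method="post" name="prefs">
		<input type="hidden" name="edit" value="true">
		<input type="hidden" name="uarea" value="<?php print htmlspecialchars($uarea,ENT_QUOTES); ?>">
		<input type="hidden" name="user5" value="<?php print $user5_html; ?>">
		<table width="100%" align="center" cellspacing="0" cellpadding="2" border="0">
		<tr>
		    <td bgcolor="#efefef" colspan="2"><P align=left>User Information:&nbsp;</P></td>
		</tr>
		<tr><td colspan="2" bgcolor="black"></td></tr>
		<tr>
		    <td bgcolor="#efefef">
		      <P align=right>Username:&nbsp;</P></td>
		    <td>&nbsp;<?php print htmlspecialchars($value[$config->field['username']],ENT_QUOTES);?></td>
		</tr>
		<tr>
		    <td bgcolor="#efefef">
		      <P align=right>Password:&nbsp;</P></td>
		    <td>&nbsp;****** (<a href="javascript:passChg()" onMouseover="return statusbar('Change password')" onMouseout="return statusbar('')">click to change</a>)</td>
		</tr>
		<tr>
		    <td bgcolor="#efefef">
		      <P align=right>Email Address:&nbsp;</P></td>
		    <td>&nbsp;<input class="prefinput" type="text" name="email" value="<?php print htmlspecialchars($value[$config->field['email']],ENT_QUOTES);?>" size="25"></td>
		</tr>
		<tr>
		    <td bgcolor="#efefef">
		      <P align=right>Date Registered:&nbsp;</P></td>
		    <td>&nbsp;<?php print date("l F d, Y",$value[$config->field['joindate']]); ?></td>
		</tr>
		<tr>
		    <td bgcolor="#efefef">
		      <P align=right>Products:&nbsp;</P></td>
		    <td>&nbsp;<a href="javascript:fileEdit()" onMouseover="return statusbar('View & Edit Products')" onMouseout="return statusbar('')">Edit</a></td>
		</tr>
		<tr><td colspan="2" bgcolor="black"></td></tr>
		<tr>
		    <td colspan="2" bgcolor="#b7b7b7">
		      <P align=center><input type="submit" value="Modify" class="but"></P></td>
		</tr>
		</table></form>
		<div align="center">
			<br>
			<script language="JavaScript" type="text/javascript">
			<!--Hide Script from Old Browsers
			//Check to make sure that the user really wants to delete user
			function doVerify(closerequest){
				var txt="Are you sure that you want to delete this user?  THIS ACTION CAN NOT BE UNDONE!"
				if(!confirm(txt)){
					alert("User was not deleted!");
					return false;
				}
				else{
					return true;
				}
			}
			//End Hide-->
			</script>
			<?php
			//NOTE(review): this form sends the table name (thetype) and id column (idfield) as
			//client-editable hidden fields. The cc_delete handler is not in this file; verify that
			//it checks both against a server-side allowlist rather than trusting the posted values.
			?>
			<form method="post" action="<?php print $self_html; ?>" onsubmit="return doVerify(this);">
				<input type="hidden" name="action" value="cc_delete">
				<input type="hidden" name="thetype" value="<?php print $config->dt['user']; ?>">
				<input type="hidden" name="idfield" value="<?php print $config->field['userid']; ?>">
				<input type="hidden" name="idval" value="<?php print htmlspecialchars($value[$config->field['userid']],ENT_QUOTES); ?>">
				<input type="hidden" name="urlback" value="<?php print htmlspecialchars("$PHP_SELF?uarea=$uarea",ENT_QUOTES); ?>">
				<input type="hidden" name="confirm" value="Yes">
				<input type="submit" value="DELETE USER" class="but">
			</form>
		</div>
		<?php
		}
		elseif($edit==true){
				//make changes
			global $HTTP_POST_VARS;
			$user5=isset($HTTP_POST_VARS['user5'])?$HTTP_POST_VARS['user5']:"";
			if(!is_string($user5)||$user5==""){
				die("No user selected.");
			}
			//The browser-side validEmail() check is advisory only; a missing or array value is
			//treated as empty and the value is escaped before it enters the SQL string.
			$email=(isset($email)&&is_string($email))?$email:"";
			//Undo magic-quote slashes so each value is escaped exactly once per output context.
			//NOTE(review): assumes global.php has not already stripped them -- confirm.
			if(get_magic_quotes_gpc()){
				$user5=stripslashes($user5);
				$email=stripslashes($email);
			}
			$self_html=htmlspecialchars($PHP_SELF,ENT_QUOTES);
			$sqlcode=array("UPDATE ".$config->dt['user']." SET ".$config->field['email']."='".mysql_real_escape_string($email)."'  WHERE ".$config->field['username']." = '".mysql_real_escape_string($user5)."';");
			$err=false;
			foreach($sqlcode as $sql){
				$result="";
				if(!$result=mysql_query($sql)){
					//NOTE(review): the database error and the statement are still shown, now HTML-escaped;
					//they reveal table and column names, so consider logging them server-side instead.
					print "<p>Error in updating data!<br>";
					print htmlspecialchars(mysql_error(),ENT_QUOTES);
					print '<br><a href="';
					print $self_html;
					print '?uarea=manage&user5='.urlencode($user5).'">Click Here to try again</a><br><br>';
					print htmlspecialchars($sql,ENT_QUOTES)."</p>";
					$err=true;
				}//end error
			}//end loop
			
			if($err!=true){
				?><br><br><div align="center">
				<STRONG><FONT face=Verdana size=2>All settings have been updated.</FONT></STRONG>
				<?php
					print '<br><br><a href="';
					print $self_html;
					print '?uarea=manage&user5='.urlencode($user5).'">Click Here to Continue</a></div><br><br>';
			}//end no error
			else{
				print "Error in updating information.  Please try again.";
			}
		}//end make changes
	}//end area = manage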
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\
// Move the buffered page body into $content and drop the buffer without sending it.
// $content is not read in this file; presumably the including script prints it.
$content=ob_get_clean();
?>
